bogdan/zira-etc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
4911d0453d6786ffec5bf87134b12204aea08a8f
zira-etc/imunify360-webshield/webshield.conf

160 lines
4.4 KiB
Plaintext
Raw Blame History

user imunify360-webshield;
worker_processes 1;
error_log /var/log/imunify360-webshield/error.log warn;
pid /var/run/imunify360-webshield.pid;
worker_rlimit_nofile 65536;
events {
worker_connections 65536;
multi_accept on;
}
http {
variables_hash_max_size 2048;
map_hash_max_size 4096;
map_hash_bucket_size 128;
# Make sure all clients' headers are passed
ignore_invalid_headers off;
# Allow upload of files of unlimited size
client_max_body_size 0;
include /etc/imunify360-webshield/mime.types;
default_type application/octet-stream;
# XFF:"ip" is to match nginx captcha access.log separately from
# other access logs
log_format main '$wsuserip - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent $host "$http_referer" '
'"$http_user_agent" WL:"$domain_whitelisted" "$http_x_requested_with" '
'XFF:"$http_x_forwarded_for" CAPTCHA:"$wscaptcha" PEER:$remote_addr';
access_log /var/log/imunify360-webshield/access.log main;
include /etc/imunify360-webshield/unified_access_logger.conf;
sendfile on;
#tcp_nopush on;
keepalive_timeout 0;
#gzip on;
proxy_read_timeout 180s;
proxy_send_timeout 180s;
proxy_buffering off;
proxy_buffers 8 128k;
proxy_buffer_size 128k;
client_body_buffer_size 128k;
http2_max_field_size 8k;
include webshield-http.conf.d/*.conf;
include /etc/imunify360-webshield/wscheck.conf;
include /etc/imunify360-webshield/captcha.conf;
include /etc/imunify360-webshield/splashscreen.conf;
include /etc/imunify360-webshield/splashscreen-antibot.conf;
geo $remote_proxy {
default 0;
include /etc/imunify360-webshield/agent-proxies.conf;
include /etc/imunify360-webshield/common-proxies.conf;
}
map $host $domain_whitelisted {
default 0;
include /etc/imunify360-webshield/whitelisted-domains.conf;
}
map $server_addr $bind_target {
default 127.0.0.1;
"~^[a-fA-F0-9:\[\]]+$" ::1;
}
geo $wsuserip $remote_country_code {
default none;
include /etc/imunify360-webshield/country_ips.conf;
}
map $remote_country_code $remote_blocked_by_country {
default 0;
include /etc/imunify360-webshield/blocked_country_codes.conf;
}
geo $wsuserip $custom_whitelisted {
default 0;
include /etc/imunify360-webshield/custom-whitelisted.conf;
}
geo $wsuserip $custom_blacklisted {
default 0;
include /etc/imunify360-webshield/custom-blacklisted.conf;
}
lua_shared_dict domains_ips 1m;
lua_shared_dict splashscreen_sessions 1m;
lua_shared_dict captchapassed_clients 1m;
lua_shared_dict notfound_ssl_domains 1m;
lua_shared_dict ipset_check_cacher 1m;
init_by_lua_file lua/init.lua;
map $server_port $proxy_port {
default 80;
52223 443;
52224 80;
52227 2087;
52228 2086;
52229 2083;
52230 2082;
52231 2096;
52232 2095;
52233 8443;
52234 8880;
52235 2222;
}
map $proxy_port $append_port {
default 1;
80 0;
443 0;
}
upstream catchall {
server 127.0.0.1;
balancer_by_lua_block {
local balancer = require "ngx.balancer"
local host = ngx.var.server_addr
if host ~= nil and host:match(":") then
host = "[" .. host .. "]"
end
local port = ngx.var.proxy_port
local ok, err = balancer.set_current_peer(host, port)
if not ok then
ngx.log(ngx.ERR, "failed to set the current peer: ", err)
return ngx.exit(ngx.ERROR)
end
}
keepalive 32;
}
server_tokens off;
more_set_headers "Server: imunify360-webshield/1.18";
server {
server_name _;
ssl_protocols TLSv1.2 TLSv1.3;
proxy_ssl_protocols TLSv1.2 TLSv1.3;
include /etc/imunify360-webshield/ports.conf;
include /etc/imunify360-webshield/ssl_ports.conf;
include /etc/imunify360-webshield/ssl.conf;
include /etc/imunify360-webshield/webshield-server.conf.d/*.conf;
include /etc/imunify360-webshield/virtserver.conf;
}
}
Reference in New Issue View Git Blame Copy Permalink